Vulnerabilities / Threats // Insider Threats
8/6/2014 04:05 PM
Tal Klein
Commentary

The Illegitimate Milliner’s Guide to Black Hat

A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.

For this, my most clandestine assignment to date, Dark Reading asked me to go undercover among the hacking Black Hat masses to clear away the fog of public relations, false bravado, and one-upmanship in order to take a true pulse of this shadowy gathering.

My nom de plume for this incognito mission: Abe Abrahamson. (Who wouldn't trust a man named Abe?) A quick call to Kevin Mitnick to vet the aforementioned hypothesis with regard to my alter ego was met with his cunning impersonation of a disconnected number message (which I knew to be code for "Your cover is impeccable, grasshopper").

Under said auspices, and with my ticket to Las Vegas in one hand and a potent gin and tonic in the other, I settled into my seat and began to work on Abe's backstory, something learned from reading The Grugq's Guide to OPSEC and Thai Cuisine (amazing how much the two have in common). You see, one does not simply stroll into the world of a Bangkok hacker without knowing the rules.

  • Rule 1: Always smoke cigarettes.
  • Rule 2: Always have a backstory.
  • Rule 3: Well, I stopped reading the slide deck before Rule 3, but I want to believe it's "One does not speak of OPSEC when one's mouth is full of Thai cuisine."

After hacking my airplane's WiFi by cross-site scripting my credit card information at the login page, I learned from a stout United Airlines first officer that smoking is not permitted due to FAA regulations. Vaping is a gray area, and I didn't want to bring undue attention to myself before becoming fully immersed in Rule 2, so I endeavored to test my alter ego with the hoi polloi in preparation for prime time.

I began by socially engineering the friendly looking San Franciscan seated next to me in the exit row.

"Hi there. Name's Abe. Like Honest Abe, but I assure you, no relation whatsoever to Mr. Lincoln, although I do drive one," I began. "A Lincoln, that is, for I am a milliner. I design hats."

"Oh?" said the man, clearly falling for my ruse.

"Yes, my father was a haberdasher from Cornwall. But I never had the generalist's touch," I said, enriching my story with impeccable detail. "I knew from a young age that designing hats was my calling. No slinging silly bespoke buttons and frivolous silk ties from a fading red-bricked storefront in Cheshire for me. I would design hats!"

"So you make hats?" he replied, obviously impressed.

"Not so to speak. A hat-maker makes hats," I replied with confidence. "I am a milliner. I design hats."

"What's the difference?"

Cornered! Clearly this tourist in disguise was an expert hacker with full marks in social engineering. I had inadvertently walked into one of those infamous "capture the flag" contests, so I shifted strategy to earn his confidence with the hacker's secret handshake.

"I, er… I specialize in a certain kind of hat," I said, regaining my balance. "A black hat, if you get my meaning."

"You only make black hats? Like for hipsters or something?"

Oh, he was a wily one, clearly skilled in the dark arts. I was merely an amateur learning the ropes.

Thinking quickly, I feigned a fit of narcolepsy, closing my eyes and going limp -- apart from the hand that still clutched my cocktail, the aid of which allowed my ruse to lapse into a real sleep that lasted until the plane descended onto the tarmac.

Avoiding eye contact with the flag bearer beside me, I rang my contact on the ground, a Mr. Hoff, who assured me that my cover was still good, but that it would be best to head for my hotel posthaste. Things were afoot. Wheels were in motion. Balls were in the air, and other such clichés of the trade.

Upon my arrival at Mandalay Bay, Mr. Hoff administered a brief Turing test of sorts, asking me to identify mine among a scroll of 1.2 billion passwords. Fortunately, the list was alphabetized, so I was able to find FlyingColours123 in no time. With the smug satisfaction of a test well passed, I was spirited away to a cocktail party, whereupon Mr. Hoff had me hobnobbing and rubbing elbows with various information security luminaries.

Honest Abe was once again fully engaged. With the aid of conversation's finest lubricants, my charade knew no bounds. I discussed iOS jail breaks, Faustian USB accessories, and the cuts of attendees' jibs (or hats, as it were). You see, through cunning interrogation, I learned that, though this tradeshow is called "Black Hat," it is about more than mere variations of the quintessential Chapeau Noir.

I met one sober bloke by the name of Jeremiah Grossman, crowned by a white hat, which I wrongly presumed to be in defiance of the status quo. He kindly stood me corrected. His hat was white, he explained, because he and his compatriots protected companies from black hatters who meant them ill. I also met chaps from Microsoft whose hats were blue, the explanation of which became lost in a hazy fog of disconnected memories aswirl in tinkling glasses, and perhaps a jester cap and bells.

The next morning, I awoke on the carpet facing the exhibit hall, my head resting on a makeshift pillow of ATM receipts. I had danced toe to toe with the infosec royalty I'd come to study and, like a butterfly out of metamorphosis, emerged as one of them. But what great epiphany could be drawn from this cyber transformation? Only this:

Heavy hangs the head that wears a black hat.

Tal Klein is Vice President of Strategy at Adallom. Previously, he was senior director of products at Bromium where he led product marketing and strategy from stealth mode to a multimillion-dollar business, disrupting the enterprise information security landscape. Prior to ...
Comments
TalKlein, User Rank: Author, 8/11/2014 | 7:58:44 AM
Re: "Heavy hangs the head that wears a black hat."
Yes, in the immoral words of 90's pop divas En Vogue, "back to life, back to reality." I would like to imagine that for all the money I've lost in Vegas, I've gained a cornucopia of knowledge, but we shall see. Thank you for the opportunity to go deep undercover. I doubt anyone who met me in Vegas suspected my ruse. :)
Marilyn Cohodas, User Rank: Strategist, 8/11/2014 | 7:41:32 AM
"Heavy hangs the head that wears a black hat."
"Abe" -- Hope your "heavy head" is a little lighter now that you are back at home after all the revelry at Black Hat (not to mention the mind-blowing research and info from all the briefings). Thanks for your witty view of all the fun going on behind the scenes. 
TalKlein, User Rank: Author, 8/8/2014 | 11:17:38 AM
Re: try harder whitehats
From an OPSEC perspective, it would seem contrary to a Black Hat's cause to identify themselves as a Black Hat. No?
Dr.T, User Rank: Ninja, 8/7/2014 | 9:20:23 PM
Re: try harder whitehats
I would agree with that. I have not heard anybody identifying themselves as black hats; they always think they are white hats, if not gray hats.
Marilyn Cohodas, User Rank: Strategist, 8/7/2014 | 2:29:36 PM
Re: BH is for WHitehats
Really appreciate your honesty, there "Abe."
TalKlein, User Rank: Author, 8/7/2014 | 1:08:42 PM
Re: try harder whitehats
yes, honey four zeros, you might have a point there. Shall we meet in the expo hall by the popcorn machine and compare tchotchkes?
TalKlein, User Rank: Author, 8/7/2014 | 1:06:30 PM
Re: BH is for WHitehats
Sir, as I write this, I am in the midst of a Jiu Jitsu headlock administered by the same Jeremiah Grossman you speak of. I wish him no ill; he is a champion of industry, a man among men, a

I'm sorry, I passed out there for a while. What were we talking about?
honey0000, User Rank: Apprentice, 8/7/2014 | 11:06:42 AM
BH is for WHitehats
I esp am laughing at the part of the article where you reference Jeremiah Grossman as being "against" the status quo by attending blackhat. You are severely incorrect. Jeremiah Grossman is perfect for attending blackhat. As well as all other whitehat fools who think they are at a "dark" conference obtaining leet information about upcoming trends or zero.

What a f*cking joke to the real community.

LOL

like a real BH is going to pay 3K for your training courses/attendance. And if a BH's firm pays for it? They are passed out and not in attendance of * talks or the conference itself. Have fun "learning" at BH kids. lolol
honey0000, User Rank: Apprentice, 8/7/2014 | 10:55:07 AM
try harder whitehats
conferences are for tools. try harder.

real blackhats DONT GO TO BLACKHAT

Conferences are for sellouts and wishers.
